Press Release

Coalfire Releases Guidance as President Joe Biden Signs FedRAMP Authorization Act into Law

December 23, 2022

The business case for FedRAMP just got better

WESTMINSTER, CO – December 23, 2022 – Today, President Biden signed the National Defense Authorization Act (NDAA) for Fiscal Year 2023, taking a giant step forward in securing the federal government’s cloud-first mission. The FedRAMP (Federal Risk and Authorization Management Program) Authorization Act, outlined in section 5921 of the NDAA, formalizes the cybersecurity certification that cloud service providers (CSPs) must obtain before working with the U.S. government.

Global cybersecurity pioneer Coalfire today released guidance for CSPs, government agencies, and commercial businesses on how to interpret the bill and on the key steps to ensure successful deployment and maximize protection for the cloud-first mission.

“The federal government is sending a bold message to agencies and commercial businesses that FedRAMP is here to stay,” said Tom McAndrew, chief executive officer of Coalfire, the most experienced FedRAMP assessment and advisory firm working in partnership with all major cloud service providers, including Amazon, Google, and Microsoft. “The passage of the FedRAMP Authorization Act will stimulate innovation and drive agencies to seek ‘cloud-first’ technology solutions, making for a safer, more security-conscious country.”

The codified FedRAMP imperative will make it easier for commercial cloud and software providers to access multiple agencies across the federal marketplace. The law’s most important feature is the concept of “reciprocity,” which enables CSPs to authorize once and then re-use their already-certified FedRAMP status across other agencies. By formalizing reciprocity and the “presumption of adequacy” for government contractors, agencies can more easily certify vendors and access more cyber-secure services.

“With the addition of reciprocity alone, the core business case for gaining FedRAMP authorization just got a lot better,” said McAndrew. “Now, commercial cloud and software providers have easier access to multiple agencies across the federal marketplace.”

Building on FISMA (Federal Information Security Management Act) in 2002 and the original FedRAMP in 2011, the FedRAMP Authorization Act accelerates secure cloud adoption for federal agencies. Today’s long-awaited FedRAMP reform is expected to spread into state and local governments and have a major impact on security standards across the commercial economy.

About Coalfire

The world’s leading organizations – the top 5 cloud service providers; 8 of the top 10 SaaS businesses; and 3 of the top 5 in financial services, healthcare, and retail – trust Coalfire to elevate their cyber programs and secure the future of their business. As the largest global firm dedicated to cybersecurity, Coalfire delivers a full lifecycle of solutions through professional services, managed services, and technology platforms to help our clients solve their toughest cyber challenges. With more than 20 years of proven cybersecurity leadership, Coalfire combines extensive cloud expertise, industry knowledge, and innovative approaches to fuel success. For more information, visit


For media inquiries:
Mike Gallo
(212) 239-8594